SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libykpiv1-1.5.0-lp150.2.3.1.x86_64.rpm :

* Tue Aug 28 2018 kbabiochAATTsuse.com- Added CVE-2018-14779.patch: Fixed an buffer overflow and an out of bounds memory read in ykpiv_transfer_data(), which could be triggered by a malicious token. (CVE-2018-14779, bsc#1104809, YSA-2018-03)- Added CVE-2018-14780.patch: Fixed an buffer overflow and an out of bounds memory read in _ykpiv_fetch_object(), which could be triggered by a malicious token. (CVE-2018-14780, bsc#1104811, YSA-2018-03)- Used %license macro for COPYING (rather than %doc)- Applied spec-cleaner
* Thu Nov 30 2017 t.grunerAATTkatodev.de- Version 1.5.0 (released 2017-11-29) - API additions: Higher-level \"util\" API added to libykpiv. - Added ykpiv_attest(), ykpiv_get_pin_retries(), ykpiv_set_pin_retries() - Added functions for using existing PCSC card handle. - Support using custom memory allocator. - Documentation updates. make doxygen for HTML format. - Expanded automated tests for hardware devices, moved to make hwcheck. - OpenSSL 1.1 support - Moderate internal refactoring. Many small bugs fixed.
* Wed Nov 15 2017 t.grunerAATTkatodev.de- Version 1.4.4 (released 2017-10-17) - Documentation updates. - Add pin caching to work around disconnect problems. - Disable RSA key generation on YubiKey 4 before 4.3.5. See https://yubi.co/ysa201701/ for details.
* Mon May 29 2017 t.grunerAATTkatodev.de- Version 1.4.3 (released 2017-04-18) - Encode RSA x509 certificates correctly. - Documentation updates. - In ykcs11 return CKA_MODULUS correctly for private keys. - In ykcs11 fix for signature size approximation. - Fix PSS signatures in ykcs11. - Add a CLI flag --stdin-input to make batch execution easier.
* Wed Aug 17 2016 t.grunerAATTkatodev.de- Version 1.4.2 (released 2016-08-12) - Clarify license headers and clean up YKCS11 licensing. Now uses pkcs11.h from the Scute project. - Don’t install ykcs11-version.h. - No cflags in ykcs11.pc. - Unimplemented YKCS11 functions now return CKR_FUNCTION_FAILED.- Version 1.4.1 (released 2016-08-11) - Documentation updates - Add possibility to export certificates in SSH format. - Make certificate serial number random by default.
* Tue May 17 2016 t.grunerAATTkatodev.de- Version 1.4.0 (released 2016-05-03) - Add attest action When used on a slot with a generated key, outputs a signed x509 certificate for that slot showing that the key was generated in hardware. Available in firmware 4.3.0 and newer. - Add cached parameter for touch-policy With cached, the touch is valid for an additional 15s. Available in firmware 4.3.0 and newer. - Enforce a minimum PIN length of 6 characters. - Fix a bug with list-readers action where it fell through processing into write-object.
* Mon Apr 25 2016 t.grunerAATTkatodev.de- Version 1.3.1 (released 2016-04-19) - Fix a bug where unblock pin would instead change puk, introduced in 1.3.0. - Clarifications with help texts.- Version 1.3.0 (released 2016-02-19) - Fixed extraction of RSA modulus and exponent for pkcs11. - Implemented C_SetPIN for pkcs11. - Add generic write and read object actions for the tool. Supports hex/binary/base64 formats - Add ykpiv_change_pin(), ykpiv_change_puk() and ykpiv_unblock_pin() - Print CCC with status action. - Address bugs with pkcs11 on windows. - Add --valid-days and --serial to tool for selfsign-certificate action. - Ask for password for pkcs12 if none is given.
* Fri Dec 11 2015 t.grunerAATTkatodev.de- Version 1.2.2 (released 2015-12-08) - Fix old buffer overflow in change-pin functionality.- Version 1.2.1 (released 2015-12-08) - Fix issue with big certificates and status.- Version 1.2.0 (released 2015-12-07) - On OSX use AATTloader_path instead of AATTexecutable_path for ykcs11. - Add ykpiv_import_private_key to libykpiv. - Raise buffer sizes to support bigger objects. - Change behavior of action status, only list populated slots. - Add retired keys to ykcs11. - In ykcs11 support login with non null terminated pin. - Add a new action set-ccc to yubico-piv-tool to set the CCC.
* Wed Nov 18 2015 t.grunerAATTkatodev.de- Version 1.1.2 (released 2015-11-13) - Properly handle DER encoding in ECDSA signatures.
* Thu Nov 12 2015 t.grunerAATTkatodev.de- Version 1.1.1 (released 2015-11-11) - Make sure SCardContext is properly acquired and released.
* Fri Nov 06 2015 t.grunerAATTkatodev.de- Version 1.1.0 (released 2015-11-06) - Add support for new YubiKey 4. - Add ykcs11.
* Tue Oct 13 2015 t.grunerAATTkatodev.de- Add dependencive in .spec file
* Thu Oct 01 2015 t.grunerAATTkatodev.de- Version 1.0.3 (released 2015-10-01) - Correct wording on unblock-pin action. - Show pin retries correctly. - Use a bigger buffer for receiving data.
* Tue Sep 15 2015 t.grunerAATTkatodev.de- Version 1.0.2 (released 2015-09-04) - Query for different passwords/pins on stdin if they’re not supplied. - If a reader fails continue trying matching readers. - Authentication failed is supposed to be 0x63cX not 0x630X.
* Sat Jul 11 2015 t.grunerAATTkatodev.de- Version 1.0.1 (released 2015-07-10) - Project relicensed to 2-clause BSD license - Minor fixes found with clang scan-build
* Wed Jul 08 2015 t.grunerAATTkatodev.de- Version 1.0.0 (released 2015-06-23) - Add a test-decipher action. - Check that e is 0x10001 on importing rsa keys - Use PCSC transactions when sending and receiving data
* Mon Apr 27 2015 cdenicoloAATTsuse.com- license update: GPL-3.0+ COPYING files says package is under GPL-3.0+.
* Thu Mar 26 2015 t.grunerAATTkatodev.de- Version 0.1.6 (released 2015-03-23) Add a read-certificate action to the tool. Add a status action to the tool. Fix a library bug so NULL can be passed to ykpiv_verify() Add a test-signature action to the tool.
* Mon Feb 09 2015 t.grunerAATTkatodev.de- Version 0.1.5 (released 2015-02-04) Revert the check for parity and just set parity before the weak check.
* Tue Feb 03 2015 t.grunerAATTkatodev.de- Version 0.1.4 (released 2015-02-02) Prompt for input if input is stdin. Mark all bits of the signature as used is certs and requests. Correct error for unblock-pin. Fix hex decode to decode capital letters and return error. Check parity of new management keys.
* Fri Jan 23 2015 t.grunerAATTkatodev.de- Version 0.1.3 (released 2014-12-18) Add format DER for importing certificates. Make sure diagnostic feedback ends up on stderr. Add positive feedback for a couple of actions.- Version 0.1.2 (released 2014-11-14) Fix an issue where shorter component of RSA keys where not packed correctly.- Version 0.1.1 (released 2014-11-10) Correct broken CHUID that made windows work inconsistently. Add support for compressed certificates. Fix broken unblock-pin action. Don’t try to accept to short keys for mgm key. Only do applet authentication if needed. Add --hash for selecting what hash to use for signatures. Add hidden --sign command. Should probably not be used. Fix for signature algorithm in selfsigned cert.- Version 0.1.0 (released 2014-08-25) Break out functionality into a library. More testing.- Version 0.0.3 (released 2014-05-26) Add delete-certificate action. Fix minor bugs.- Version 0.0.2 (released 2014-02-19) Fix an offset bug with CHUID. Do full mutual auth with the applet.- Version 0.0.1 (released 2014-02-11) Initial release.
  
ICM